IIRC Dug Song's libdnet supports just that. See his fragroute as an example on how to use it.
.mike

> Hi,
>
> I was reading through an interview of pf developers[*], where Mike
> Frantzen commented that
>
> <quote>
> There are already two ways to emulate Linux's DIVERT sockets and turn
> an IDS into an IPS (Intrusion Prevention System). One could use PF to
> route the packets to a tunnel device and read them there.
> </quote>
>
> Can some one elaborate on how this works? I could not find any other
> mention of this technique anywhere else.
>
> Thanks and regards,
>
> raj
>
>
> [*] http://www.onlamp.com/pub/a/bsd/2004/05/06/pf_developers.html?page=4
